tech-net archive


Re: kern/53962: npf: weird 'stateful' behavior



On Sun, Feb 17, 2019 at 12:54:15PM +0100, Edgar Fuß wrote:
> As Timo knows, I'm running NetBSD in production.
> 
> I run a "one VLAN per IP range" (minus external, of course) policy.
> 
> I'm using packet filtering (currently ipf on 6.1) both on individual servers 
> (anti-spoofing, access restriction to certain daemon ports) and on the gateway 
> (the only machine with IP forwarding enabled) to restrict inter-network 
> traffic. From the ipf bugs I run into, I conclude I'm the only person on 
> the planet doing this.

No, I'm doing it too, but maybe with a different set of rules than you.
I don't use stateful filtering for TCP, for example.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--

